Fighting DDoS attacks is both challenging and interesting work. Almost every system administrator first tries to protect the site on their own, and up to a point that is still possible. Typically, attackers generate a large volume of packets or requests that eventually overloads the target system. DDoS attacks are generally classified by the layer of the Open Systems Interconnection (OSI) model at which the attack occurs. Attacks at the network layer (layer 3), transport layer (layer 4), presentation layer (layer 6), and application layer (layer 7) are the most common.
The short tips below will help you protect your own site. They will not help you deal with a serious, sustained attack, but they will definitely cover most of the everyday danger.
3 Tips for Protecting Against DDoS Attacks
The harsh truth is that many sites can be taken down by almost anyone using the Slowloris attack. Or, with a so-called SYN flood launched from a farm of virtual servers spun up in a minute in the Amazon EC2 cloud, attackers can bring a site down in a matter of minutes. All of the tips below for protecting yourself from DDoS on your own rest on the following points.
1. Don’t use Apache. The most important condition is giving up Apache, the well-known free web server praised for its reliability and configuration flexibility. If you must keep Apache, at least put a caching proxy such as nginx or lighttpd in front of it. Apache is inefficient at serving files and, even worse, it is vulnerable to the most dangerous Slowloris attack, which can tie up the server from something as small as a mobile phone. To combat the various flavours of Slowloris, Apache users first came up with the Anti-slowloris.diff patch, then mod_noloris, then mod_antiloris, mod_limitipconn, mod_reqtimeout… and it all gets too confusing. So if you want to sleep well at night, it is easier to use an HTTP server whose code architecture makes it invulnerable to Slowloris.
2. Ban by geolocation. How do you protect against DDoS attacks? One easy step: you can severely restrict individual countries from which you do not expect legitimate traffic. Just connect the GeoIP module to nginx and include the georeference (country code) in the access log. Then, after adapting the shell script mentioned above, read nginx’s access log and add the clients selected by geography to the ban list.
3. Track requests per second. Watch the number of requests per second. For nginx, you can roughly estimate this value with the shell command generated earlier. Compared to the normal level for that time of day, the number of requests per second can either rise or fall: it rises when a large botnet arrives, and it falls when the incoming bot has already crashed the site and made it completely inaccessible to legitimate users. The most interesting detail is that bots do not request static files, while legitimate users do, so the drop in the number of requests comes precisely from the missing static requests.
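Tips 2 and 3 both lean on a shell script that reads nginx’s access log, which the post refers to but does not show. The following is an added example of what such a script can do, not the author’s script. It assumes a log_format that appends $geoip_country_code (the variable provided by ngx_http_geoip_module) as the last field of the standard combined format; the log lines are constructed sample data using RFC 5737 test addresses and the placeholder country code ZZ, and the function names are my own.

```shell
#!/bin/sh
# Added example (not the author's script): analyse an nginx access log whose
# last field is the GeoIP country code, in support of tips 2 and 3.
#
# Assumed nginx log_format (the page does not show it): combined format with
# $geoip_country_code (from ngx_http_geoip_module) appended as the last field:
#   log_format geo '$remote_addr - $remote_user [$time_local] "$request" '
#                  '$status $body_bytes_sent "$http_referer" '
#                  '"$http_user_agent" $geoip_country_code';

# Constructed sample log (RFC 5737 test addresses; ZZ is a placeholder
# country code, not a real country).
SAMPLE_LOG=$(cat <<'EOF'
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0" US
203.0.113.10 - - [10/Oct/2023:13:55:36 +0000] "GET /style.css HTTP/1.1" 200 1024 "-" "Mozilla/5.0" US
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "bot/1.0" ZZ
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /search?q=a HTTP/1.1" 200 4096 "-" "bot/1.0" ZZ
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /search?q=b HTTP/1.1" 200 4096 "-" "bot/1.0" ZZ
198.51.100.8 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 612 "-" "bot/1.0" ZZ
203.0.113.11 - - [10/Oct/2023:13:55:38 +0000] "GET /logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0" DE
EOF
)

# Tip 3: peak number of requests seen in any single second. Field 4 is
# "[dd/Mon/yyyy:HH:MM:SS", which identifies the second. Reads the log on stdin.
peak_rps() {
  awk '{ n[$4]++ } END { m = 0; for (s in n) if (n[s] > m) m = n[s]; print m }'
}

# Tip 2: request count per country code, busiest first. The code is read from
# the last field ($NF) because the user agent before it may contain spaces.
country_counts() {
  awk '{ c[$NF]++ } END { for (k in c) print c[k], k }' | sort -rn
}

# Tip 2: emit nginx "deny" directives (ngx_http_access_module) for every client
# address seen with the given country code, ready to be written to a file that
# the server block includes.
deny_list_for_country() {
  awk -v cc="$1" '$NF == cc { seen[$1] = 1 } END { for (ip in seen) print "deny " ip ";" }' | sort
}

# Tip 3: clients that sent at least MIN requests (default 2) but never fetched
# a static asset; the post notes that bots skip statics while browsers load
# them. Field 7 is the request path; the query string is stripped first.
suspicious_clients() {
  awk -v min="${1:-2}" '
    { total[$1]++; p = $7; sub(/[?].*/, "", p)
      if (p ~ /\.(css|js|png|jpe?g|gif|ico|svg|woff2?)$/) static[$1]++ }
    END { for (ip in total) if (total[ip] >= min && !(ip in static)) print ip }
  ' | sort
}

# Stand-alone demonstration on the constructed sample.
echo "peak requests per second: $(printf '%s\n' "$SAMPLE_LOG" | peak_rps)"
echo "requests per country:"
printf '%s\n' "$SAMPLE_LOG" | country_counts
echo "deny directives for ZZ:"
printf '%s\n' "$SAMPLE_LOG" | deny_list_for_country ZZ
echo "clients that never requested statics:"
printf '%s\n' "$SAMPLE_LOG" | suspicious_clients
```

On a real server, replace the sample with `tail -n 10000 /var/log/nginx/access.log | peak_rps` and compare the result against the normal level for that time of day, as the post suggests. Note that a country-level ban is a blunt instrument: it also cuts off any legitimate visitors from that country, so the deny list produced here is best reviewed before it is included in the nginx configuration.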
There is no universal protection against all types of DDoS attacks. If it existed, “monsters” like Google or Amazon would not spend billions of dollars on cyber defense and would not announce periodic contests to find vulnerabilities with millions in prize money.
Why Do These Attacks Happen?
Most often, the reasons are commercial. For example, an attack that begins right after the launch of an advertising campaign or other marketing activity may well be a DDoS attack ordered by someone; perhaps you have simply got in a competitor’s way.
Another reason for a DDoS attack is extortion. An e-mail arrives from a “well-wisher” demanding that you transfer a certain amount in bitcoin, or else the site will be attacked. Most often the threat is not carried out, but you can run into a real extortionist. There is also the case where the site has already been hit and the scammers offer to stop the attack for a fee. It is also possible that your site simply got caught in the crossfire: a DDoS attack can paralyze the servers of a hosting provider, taking all of its websites down with it. This is unlikely, but possible.
You should find out about problems with access to the site immediately. Use services that check the site at regular intervals and automatically notify the owner when it is unavailable. Then you can quickly run checks, disable ads, notify the hosting provider and/or the company that provides technical support for the site, coordinate your staff, or try to filter the traffic yourself. And do not forget the good old firewall, which still helps against weak attacks.